Provided by: shorewall-lite_5.2.3.4-1_all


       shorewall-lite.conf - Shorewall Lite global configuration file




       This file sets options that apply to Shorewall Lite as a whole.

       The file consists of Shell comments (lines beginning with '#'), blank lines and assignment
       statements (variable=value). Each variable's setting is preceded by comments that describe
       the variable and its effect.

       Any option not specified in this file gets its value from the shorewall.conf file used
       during compilation of /var/lib/shorewall-lite/firewall. Those settings may be found in the
       file /var/lib/shorewall-lite/firewall.conf.


       The following options may be set in shorewall.conf.

           This parameter names the iptables executable to be used by Shorewall. If not specified
           or if specified as a null value, then the iptables executable located using the PATH
           option is used.

           This parameter tells the /sbin/shorewall program where to look for Shorewall messages
           when processing the dump, logwatch, show log, and hits commands. If not assigned or if
           assigned an empty value, /var/log/messages is assumed.

           The value of this variable generates the --log-prefix setting for Shorewall logging
           rules. It contains a “printf” formatting template which accepts three arguments (the
           chain name, logging rule number (optional) and the disposition). To use LOGFORMAT with
           fireparse, set it as:

                   LOGFORMAT="fp=%s:%d a=%s "

           If the LOGFORMAT value contains the substring “%d” then the logging rule number is
           calculated and formatted in that position; if that substring is not included then the
           rule number is not included. If not supplied or supplied as empty (LOGFORMAT="") then
           “Shorewall:%s:%s:” is assumed.
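
           As an added example (not part of the Shorewall documentation or code), the shell
           functions below expand a LOGFORMAT template as described above and derive a sed
           pattern that pulls the chain and disposition back out of log lines. The function
           names and the sample log lines are constructed; the 29-character limit is that of
           the iptables --log-prefix option.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Shorewall's own.
DEFAULT_LOGFORMAT='Shorewall:%s:%s:'   # default stated on this page
MAX_PREFIX=29                          # iptables --log-prefix length limit

# render_prefix FORMAT CHAIN RULENUM DISPOSITION
# The rule number is passed only when the template contains "%d".
render_prefix() {
    fmt=${1:-$DEFAULT_LOGFORMAT}
    case $fmt in
        *%d*) printf "$fmt" "$2" "$3" "$4" ;;
        *)    printf "$fmt" "$2" "$4" ;;
    esac
}

# prefix_fits FORMAT CHAIN RULENUM DISPOSITION
# Succeeds when the rendered prefix is no longer than MAX_PREFIX characters.
prefix_fits() {
    rendered=$(render_prefix "$@")
    [ "${#rendered}" -le "$MAX_PREFIX" ]
}

# format_to_regex FORMAT
# Escapes regex metacharacters, then maps %s to a capture group and %d to digits.
format_to_regex() {
    printf '%s' "${1:-$DEFAULT_LOGFORMAT}" |
        sed -e 's|[][\.*^$#]|\\&|g' \
            -e 's|%s|\\([^ :]*\\)|g' \
            -e 's|%d|[0-9]*|g'
}

# extract_fields FORMAT < logfile
# Prints "chain disposition" for each line whose prefix matches FORMAT.
extract_fields() {
    re=$(format_to_regex "$1")
    sed -n "s#.*${re}.*#\1 \2#p"
}

# Constructed sample lines: one with the default prefix, one with the fireparse form.
sample_log() {
    cat <<'EOF'
Jan  1 00:00:01 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22
Jan  1 00:00:02 fw kernel: fp=net2fw:3 a=REJECT IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP DPT=23
EOF
}
```

           A log parser or alerting rule written against one LOGFORMAT stops matching when the
           template changes, so the pattern should be derived from the value in effect.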

           Determines the order in which Shorewall searches directories for executable files.

           Specifies the simple name of a file in /var/lib/shorewall to be used as the default
           restore script in the shorewall save, shorewall restore, shorewall forget and
           shorewall -f start commands.

           This option is used to specify the shell program to be used to run the Shorewall
           compiler and to interpret the compiled script. If not specified or specified as a null
           value, /bin/sh is assumed. Using a light-weight shell such as ash or dash can
           significantly improve performance.

           This parameter should be set to the name of a file that the firewall should create if
           it starts successfully and remove when it stops. Creating and removing this file
           allows Shorewall to work with your distribution's initscripts. For RedHat, this should
           be set to /var/lock/subsys/shorewall. For Debian, the value is /var/state/shorewall
           and in LEAF it is /var/run/shorewall.

           Shorewall has traditionally been very noisy (produced lots of output). You may set the
           default level of verbosity using the VERBOSITY option.

           Values are:
               0 - Silent. You may make it more verbose using the -v
               1 - Major progress messages displayed
               2 - All progress messages displayed (old default
           If not specified, then 2 is assumed.




       shorewall-lite(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5),
       shorewall-hosts(5), shorewall-interfaces(5), shorewall-ipsec(5), shorewall-maclist(5),
       shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5),
       shorewall-route_rules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)